Scam Alert! Don’t Click that Google Docs Link You Just Received in Your Email. It Could Be A Malware

Have you received any random email recently containing ‘Google Doc’ attachment within it? Don’t click on that link – it could get you HACKED. And delete it immediately — even if it is from someone you know.

An alarming phishing scam began spreading around the internet since Wednesday in an attempt to access Google accounts through an email embedded with a fake Google Docs file.

Originally thought to be targeting only journalists, these malware emails were also slinging their way across unrelated mailboxes – from organizations to schools/campuses and even random people.

The malicious email contains what appears to be a link to a Google Doc file, saying that the person [sender] “has shared a document on Google Docs with you.” Once you click the link, you will be redirected to a legit Google.com page asking you to authorize “Google Docs” to access to your Gmail account. It says, “Google Docs would like to read, send and delete emails, as well access to your contacts.”

You should know that the real Google Docs invitation links do not require your permission to access your Gmail account.

If you allow the access, the hackers would immediately get permission to manage your Gmail account with access to all your emails and contacts, without requiring your Gmail password. It also gains control over the webmail account, including the ability to read victims’ messages and send new ones on their behalf.

Once the permissions to manage your email are granted, the software will immediately spam out the same message to all the people on your contacts list, even bypassing two-factor authentication.

Meanwhile, Google has also started blacklisting malicious apps being used in the active phishing campaign.

“We have taken action to protect users against an email impersonating Google Docs (and) have disabled offending accounts,” Google wrote in a statement on Twitter. “We’ve removed the fake pages; pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.

It all started when Facebook introduced a great feature for page admins to target the audience 'who liked a specific post of their page but not the page itself' to like the page by sending invitations to users asking them if they wished to like their page.

While the use of face recognition seems to be helpful and would decrease unauthorized image uploads, the idea of Facebook scanning every photo and using facial recognition to collect our biometric data is sure to upset some people.

About All Tech Buzz

On AllTechBuzz we cover wide range of Technology Articles. We have been educating people on various tools and technologies since few years. Currently, we are also running a Forum where our experts answer different queries related to Blogging and Technology.

About the Admin

Imran Uddin started his career as a Blogger, now runs a Tech company - All Tech Media Pvt. Ltd. After 6 years of spending in Digital Space, he has gained expertise in various fields of Digital Media and Marketing.